A survey of pattern matching algorithm in intrusion detection system

The most common method of IDS functioning is based on pattern matching which recognizes the vandalism occurring on the network using particular patterns and rules. In order to do so, normal behaviors of the network are modeled and then used as a base pattern for recognizing abnormal behavior of the network. The article, in hand, tries to recognize and choose the best algorithms for this operation by surveying, implementing and also collecting all kinds of pattern matching methods so that the best conclusion is reached during matching known attacks with main patterns. In this paper, to collect all algorithms related to the subject, we investigated the discussion of pattern compatibility operation from different aspects. Another aspect studied in this paper is to determine the indexes for grouping the algorithms, meaning the algorithms were classified based on important indexes which more effect on the performance of pattern compatibility operations.